CN112906068B - Block chain external agent technology calculation control method - Google Patents
Block chain external agent technology calculation control method Download PDFInfo
- Publication number
- CN112906068B CN112906068B CN202110293126.2A CN202110293126A CN112906068B CN 112906068 B CN112906068 B CN 112906068B CN 202110293126 A CN202110293126 A CN 202110293126A CN 112906068 B CN112906068 B CN 112906068B
- Authority
- CN
- China
- Prior art keywords
- special instruction
- data
- extension set
- application module
- external agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000007781 pre-processing Methods 0.000 claims description 15
- 230000003993 interaction Effects 0.000 claims description 8
- 230000005540 biological transmission Effects 0.000 claims description 7
- 238000004806 packaging method and process Methods 0.000 claims description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/252—Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
- G06F9/548—Object oriented; Remote method invocation [RMI]
Abstract
The invention designs a technical scheme that an external agent application module is additionally arranged, external equipment (including a database, a file system, network equipment and the like) is accessed through the agent application module, and calculation data can be efficiently transmitted to a trusted hardware calculation module of a special instruction expansion set through an API interface in a special instruction expansion set process, so that the safety of data calculation in the special instruction expansion set can be ensured, and meanwhile, the efficiency of data calculation processing of the special instruction expansion set can be improved.
Description
Technical Field
The invention belongs to the field of energy chain open permit chains, and particularly relates to a method for computing and controlling based on a block chain external agent technology.
Background
The special instruction extension set is a trusted computing design, and aims to solve the problem of safe computing by utilizing trusted hardware in a remote computer, wherein the trusted hardware establishes a safe container, a remote computing service uploads required computing data into the safe container, and the trusted hardware can protect confidentiality and integrity of the data when executing the computing.
In order to ensure that the calculated secure container is secure enough, the external hardware equipment is not suitable to be accessed in the special instruction expansion set, if a large number of hardware equipment is accessed, the security of the special instruction expansion set is reduced if the hardware equipment comprises a database and a file system, the current special instruction expansion set also does not support direct access to system equipment, if the system equipment needs to be accessed, a large number of code transplanting works need to be performed, security risks are introduced, and meanwhile, the reliability of the application is reduced.
Disclosure of Invention
In the invention, the technical problems solved by the invention are as follows: a block chain external agent technology calculation control method is provided, and the threshold of using the block chain by a user is reduced.
In order to overcome the defects in the prior art, the invention provides a block chain external agent technology calculation control method, which comprises the following steps: in the application work of a special instruction expansion set, data is transmitted only through a network channel before a network service module, and after the data enters an external agent application module, the interaction among all sub-modules in the external agent application module uses in-process calling of an API interface to transmit the data; the transmission process of the transmission data comprises the following steps: the external program sends the data to a network service module in the external agent application module through an HTTPS channel; the network service module transmits the data to the data preprocessing module through an API which can be called in the process; the data preprocessing module accesses special instruction expansion set external equipment according to the calculation requirement, wherein the special instruction expansion set external equipment comprises a file system and a database and is used for preprocessing calculated data; the preprocessed data are finally transmitted to the internal step I of the special instruction expansion set through a Java local interface API interface provided by the executable program of the special instruction expansion set, and the special instruction expansion set can be divided into two layers in a trusted computing hardware environment of the special instruction expansion set: a special instruction extension set executable program APP and a layer which can enclose a container and is compiled by the execution code of the trusted computing, wherein the special instruction extension set executable program APP is a program capable of running exe, and the enclosing container is a library file generated by compiling the calculation code through a compiling tool; step two, the library file cannot be directly operated, and the code logic in the library file can be executed only after the library file is loaded by other executable programs; the application program APP can be run by using a special instruction extension set in the implementation environment to load the enclaveable container, thereby constructing a working trusted computing environment; step three, modifying the layer of the executable program APP of the special instruction extension set into library files which can be loaded by other programs, wherein the library files loaded by the other programs comprise an APP dynamic link library; step four, besides loading files capable of surrounding the container library, java local API interfaces capable of being called in other program processes are needed to be provided; step five, packaging a proxy application module at the outermost part of the special instruction expansion set, wherein the proxy application module is an executable program, and the starting process of the proxy application module is as follows: starting an external agent application module; the external agent application module automatically loads a dynamic link library file modified by a special instruction extension set executable program APP; the dynamic link library file of the special instruction extension set executable program APP can enclose a container file when loading the special instruction extension set; and step six, providing network services through an external agent application module, wherein a data interaction preprocessing module in the external agent application module is used for directly accessing a file system and a database, and finally transmitting the preprocessed data to internal trusted computing hardware of a special instruction expansion set through an API interface to execute computation.
Detailed Description
The technical scheme of the invention is further described below with reference to the specific embodiments. The technical scheme of the invention comprises the following steps: in the application work of a special instruction expansion set, data is transmitted only through a network channel before a network service module, and after the data enters an external agent application module, the interaction among all sub-modules in the external agent application module uses in-process calling of an API interface to transmit the data; the transmission process of the transmission data comprises the following steps: the external program sends the data to a network service module in the external agent application module through an HTTPS channel; the network service module transmits the data to the data preprocessing module through an API which can be called in the process; the data preprocessing module accesses special instruction expansion set external equipment according to the calculation requirement, wherein the special instruction expansion set external equipment comprises a file system and a database and is used for preprocessing calculated data; the preprocessed data are finally transmitted to the internal step I of the special instruction expansion set through a Java local interface API interface provided by the executable program of the special instruction expansion set, and the special instruction expansion set can be divided into two layers in a trusted computing hardware environment of the special instruction expansion set: a special instruction extension set executable program APP and a layer which can enclose a container and is compiled by the execution code of the trusted computing, wherein the special instruction extension set executable program APP is a program capable of running exe, and the enclosing container is a library file generated by compiling the calculation code through a compiling tool; step two, the library file cannot be directly operated, and the code logic in the library file can be executed only after the library file is loaded by other executable programs; the application program APP can be run by using a special instruction extension set in the implementation environment to load the enclaveable container, thereby constructing a working trusted computing environment; step three, modifying the layer of the executable program APP of the special instruction extension set into library files which can be loaded by other programs, wherein the library files loaded by the other programs comprise an APP dynamic link library; step four, besides loading files capable of surrounding the container library, java local API interfaces capable of being called in other program processes are needed to be provided; step five, packaging a proxy application module at the outermost part of the special instruction expansion set, wherein the proxy application module is an executable program, and the starting process of the proxy application module is as follows: starting an external agent application module; the external agent application module automatically loads a dynamic link library file modified by a special instruction extension set executable program APP; the dynamic link library file of the special instruction extension set executable program APP can enclose a container file when loading the special instruction extension set; and step six, providing network services through an external agent application module, wherein a data interaction preprocessing module in the external agent application module is used for directly accessing a file system and a database, and finally transmitting the preprocessed data to internal trusted computing hardware of a special instruction expansion set through an API interface to execute computation.
In a trusted computing hardware environment of a special instruction extension set, we can generally say that the special instruction extension set can be divided into two layers: the application (executable exe program) and the executable code of the trusted computing compile to form a enclaspable container, wherein the APP is the executable program, and the enclaspable container is a library file generated by compiling the computing code by a compiling tool, the library file cannot be directly run, and the library file must be loaded by other executable programs to execute code logic therein. The executable program APP is typically used in implementations to load the enclaveable container, thereby building a working trusted computing environment.
In our design, we reform the APP (executable exe program) layer of the special instruction extension set into APP DLLs (library files that can be loaded by other programs) that need to provide JNI API interfaces that can be invoked in public other program processes in addition to loading the enclave library files. The method comprises the steps that a proxy application module is packaged at the outermost part of a special instruction expansion set, the proxy application module is an executable program, and the starting process is as follows:
starting an external agent application module;
the external agent application module automatically loads DLL library files modified by the special instruction extension set APP;
the DLL library file of the special instruction extension set APP can enclose the container file when the special instruction extension set is loaded.
The external agent application module is the key point of the scheme, the external agent application module can conveniently provide network services, the data interaction preprocessing module can directly access a file system and a database, and finally the preprocessed data is transmitted to the internal trusted computing hardware of the special instruction expansion set through an API interface to execute computation. In the application work of the special instruction extension set, data is transmitted only before the network service module through a network channel, and after the data enters the proxy application, the interaction among all the submodules inside the application uses an in-process calling API interface to transmit the data. The data transmission process is as follows:
the external program sends the data to a network service module in the proxy application through an HTTPS channel;
the network service module transmits the data to the data preprocessing module through an API which can be called in the process;
the data preprocessing module can access special instruction expansion set external equipment such as a file system, a database and the like according to calculation requirements, and preprocess data for calculation;
the preprocessed data is finally transmitted to the inside of the special instruction extension set through a JNI API interface provided by the special instruction extension set APP.
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the scope of the present invention are intended to be included in the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.
The beneficial effects are that: in order to solve the problem, the technical scheme is designed, an external agent application module is additionally arranged, external equipment (comprising a database, a file system, network equipment and the like) is accessed through the agent application module, and calculation data can be efficiently transmitted to a trusted hardware calculation module of a special instruction expansion set through an API interface in a special instruction expansion set process, so that the safety of data calculation in the special instruction expansion set can be ensured, and meanwhile, the efficiency of data calculation processing of the special instruction expansion set can be improved.
Claims (1)
1. A block chain external agent technology calculation control method comprises the following steps: step one, in a trusted computing hardware environment of a special instruction extension set, the special instruction extension set can be divided into two layers: a special instruction extension set executable program APP and a layer which can enclose a container and is compiled by the execution code of the trusted computing, wherein the special instruction extension set executable program APP is a program capable of running exe, and the enclosing container is a library file generated by compiling the calculation code through a compiling tool; step two, the library file cannot be directly operated, and the code logic in the library file can be executed only after the library file is loaded by other executable programs; the application program APP can be run by using a special instruction extension set in the implementation environment to load the enclaveable container, thereby constructing a working trusted computing environment; step three, modifying the layer of the executable program APP of the special instruction extension set into library files which can be loaded by other programs, wherein the library files loaded by the other programs comprise an APP dynamic link library; step four, besides loading files capable of surrounding the container library, java local API interfaces capable of being called in other program processes are needed to be provided; step five, packaging a proxy application module at the outermost part of the special instruction expansion set, wherein the proxy application module is an executable program, and the starting process of the proxy application module is as follows: starting an external agent application module; the external agent application module automatically loads a dynamic link library file modified by a special instruction extension set executable program APP; the dynamic link library file of the special instruction extension set executable program APP can enclose a container file when loading the special instruction extension set; step six, providing network service through an external agent application module, wherein a data interaction preprocessing module in the external agent application module is used for directly accessing a file system and a database, and finally transmitting the preprocessed data to internal trusted computing hardware of a special instruction expansion set through an API interface to execute computation; wherein: in the application work of a special instruction extension set, data is transmitted only through a network channel before a network service module, and after the data enters an external agent application module, the interaction among all sub-modules in the external agent application module uses in-process calling API interfaces to transmit the data; the transmission process of the transmission data is as follows: the external program sends the data to a network service module in the external agent application module through an HTTPS channel; the network service module transmits the data to the data preprocessing module through an API which can be called in the process; the data preprocessing module accesses special instruction expansion set external equipment according to the calculation requirement, wherein the special instruction expansion set external equipment comprises a file system and a database and is used for preprocessing calculated data; the preprocessed data is finally transmitted to the inside of the special instruction extension set through a Java local interface API interface provided by the executable program of the special instruction extension set.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110293126.2A CN112906068B (en) | 2021-03-18 | 2021-03-18 | Block chain external agent technology calculation control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110293126.2A CN112906068B (en) | 2021-03-18 | 2021-03-18 | Block chain external agent technology calculation control method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112906068A CN112906068A (en) | 2021-06-04 |
| CN112906068B true CN112906068B (en) | 2024-03-12 |
Family
ID=76105527
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110293126.2A Active CN112906068B (en) | 2021-03-18 | 2021-03-18 | Block chain external agent technology calculation control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112906068B (en) |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102236747A (en) * | 2010-04-23 | 2011-11-09 | 北京同方微电子有限公司 | Method for upgrading conventional computer into trusted computer |
| CN109284185A (en) * | 2017-07-21 | 2019-01-29 | 英特尔公司 | The device, method and system accelerated for the transaction of block chain |
| CN109981622A (en) * | 2019-03-15 | 2019-07-05 | 智链万源(北京)数字科技有限公司 | Block chain network node permission reverse proxy method and apparatus |
| CN110097382A (en) * | 2019-05-08 | 2019-08-06 | 杜柏池 | A kind of market behavior traceability system |
| CN110263532A (en) * | 2019-05-06 | 2019-09-20 | 阿里巴巴集团控股有限公司 | Trusted computing method, equipment and system |
| CN110516007A (en) * | 2019-08-30 | 2019-11-29 | 北京百度网讯科技有限公司 | A kind of deployment control method, device, equipment and the medium of block chain network |
| CN111160905A (en) * | 2019-12-17 | 2020-05-15 | 浙江大学 | Block chain node user request processing protection method and device |
| CN111475782A (en) * | 2020-04-08 | 2020-07-31 | 浙江大学 | API (application program interface) key protection method and system based on SGX (secure gateway) software extension instruction |
| CN111865648A (en) * | 2019-04-30 | 2020-10-30 | 英特尔公司 | Method and apparatus for executing workloads in a marginal environment |
| CN111931251A (en) * | 2020-07-01 | 2020-11-13 | 陈子祺 | Credible computing chip based on block chain |
| CH716298A2 (en) * | 2019-06-07 | 2020-12-15 | Lapsechain Sa C/O Leax Avocats | A method of storing, in encrypted form, an application on a blockchain network, with prior audit of the source code of this application. |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10310824B2 (en) * | 2011-09-07 | 2019-06-04 | Imagine Communications Corp. | Distributed ledger platform for computing applications |
| US10628578B2 (en) * | 2013-03-15 | 2020-04-21 | Imagine Communications Corp. | Systems and methods for determining trust levels for computing components using blockchain |
| US10447478B2 (en) * | 2016-06-06 | 2019-10-15 | Microsoft Technology Licensing, Llc | Cryptographic applications for a blockchain system |
| US10855657B2 (en) * | 2018-10-11 | 2020-12-01 | Spredfast, Inc. | Multiplexed data exchange portal interface in scalable data networks |
| US11709956B2 (en) * | 2019-04-15 | 2023-07-25 | Accenture Global Solutions Limited | Secure data broker |
-
2021
- 2021-03-18 CN CN202110293126.2A patent/CN112906068B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102236747A (en) * | 2010-04-23 | 2011-11-09 | 北京同方微电子有限公司 | Method for upgrading conventional computer into trusted computer |
| CN109284185A (en) * | 2017-07-21 | 2019-01-29 | 英特尔公司 | The device, method and system accelerated for the transaction of block chain |
| CN109981622A (en) * | 2019-03-15 | 2019-07-05 | 智链万源(北京)数字科技有限公司 | Block chain network node permission reverse proxy method and apparatus |
| CN111865648A (en) * | 2019-04-30 | 2020-10-30 | 英特尔公司 | Method and apparatus for executing workloads in a marginal environment |
| CN110263532A (en) * | 2019-05-06 | 2019-09-20 | 阿里巴巴集团控股有限公司 | Trusted computing method, equipment and system |
| CN110097382A (en) * | 2019-05-08 | 2019-08-06 | 杜柏池 | A kind of market behavior traceability system |
| CH716298A2 (en) * | 2019-06-07 | 2020-12-15 | Lapsechain Sa C/O Leax Avocats | A method of storing, in encrypted form, an application on a blockchain network, with prior audit of the source code of this application. |
| CN110516007A (en) * | 2019-08-30 | 2019-11-29 | 北京百度网讯科技有限公司 | A kind of deployment control method, device, equipment and the medium of block chain network |
| CN111160905A (en) * | 2019-12-17 | 2020-05-15 | 浙江大学 | Block chain node user request processing protection method and device |
| CN111475782A (en) * | 2020-04-08 | 2020-07-31 | 浙江大学 | API (application program interface) key protection method and system based on SGX (secure gateway) software extension instruction |
| CN111931251A (en) * | 2020-07-01 | 2020-11-13 | 陈子祺 | Credible computing chip based on block chain |
Non-Patent Citations (3)
| Title |
|---|
| 区块链技术:架构及进展;邵奇峰;金澈清;张召;钱卫宁;周傲英;;计算机学报(第05期);3-22 * |
| 基于区块链的智能合约技术研究进展;朱岩;王静;郭倩;刘国伟;;网络空间安全(第09期);23-28+58 * |
| 用主动免疫可信计算3.0筑牢网络安全防线营造清朗的网络空间;沈昌祥;;信息安全研究(第04期);4-24 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112906068A (en) | 2021-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109710384B (en) | Safe Java intelligent contract interpretation execution engine and method | |
| US8281288B1 (en) | Integrated development environment with network-based compilation and sandboxed native machine-language capabilities | |
| EP2881881B1 (en) | Machine-readable medium, method and system for detecting java sandbox escaping attacks based on java bytecode instrumentation and java method hooking | |
| CN111770206B (en) | Method for deploying intelligent contract, block chain node and storage medium | |
| CN105046116B (en) | Protect dex files not by the method for decompiling in android system | |
| CN108365994B (en) | Cloud security management platform for cloud computing security unified management | |
| CN108205615B (en) | Implementation system and implementation method for optimizing trusted basic component | |
| CN108898007A (en) | A kind of safety method based on JavaAgent and dll enhancing Java distribution software | |
| CN103345604A (en) | Sandbox system based on light-weight virtual machine monitor and method for monitoring OS with sandbox system | |
| CN112906068B (en) | Block chain external agent technology calculation control method | |
| CN105630534A (en) | TrustZone framework-based application program execution method and device as well as terminal | |
| CN105184167A (en) | Trusted platform module (TPM) fine-grained permission-based Android system security enhancement system and method | |
| CN115580491B (en) | Industrial control programming platform based on state cryptographic algorithm, construction method and operation method | |
| CN111914251A (en) | Intelligent terminal safety protection method and system based on hybrid control technology | |
| CN110348206B (en) | Protection method, medium, device and computing equipment applied to android installation package (APK) | |
| Rahmati et al. | Applying the opacified computation model to enforce information flow policies in iot applications | |
| CN113051618B (en) | Intelligent contract privacy data processing system and method for block chain | |
| Kato | Safe and secure execution mechanisms for mobile objects | |
| CN111414625B (en) | Method and system for realizing computer trusted software stack supporting active trusted capability | |
| Hataba et al. | A proposed software protection mechanism for autonomous vehicular cloud computing | |
| CN112395614A (en) | Android application program virtualization protection method based on LLVM | |
| CN112906073A (en) | Method for realizing block chain secret calculation general model | |
| CN115080061B (en) | Anti-serialization attack detection method and device, electronic equipment and medium | |
| CN115391757A (en) | Artificial intelligence credible computing platform based on PKS system | |
| CN116644423A (en) | Method and device for monitoring container attack |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 200120 building C3, No. 101 Eshan Road, China (Shanghai) pilot Free Trade Zone, Pudong New Area, Shanghai Applicant after: Shanghai Lingshuzhonghe Information Technology Co.,Ltd. Address before: 18ef, China Resources Times Plaza, 500 Zhangyang Road, Pudong New Area, Shanghai, 200120 Applicant before: NENG LIAN TECH. LTD. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |